Add your own alternative version
Stats
268K views 35.7K downloads 161 bookmarked
Posted
4 Aug 2009

Comments and Discussions



Hello this article is awesome. learn lots of thing with this. here i have tested this with two different key means different public and private key of created. or created private key and other public key. so here in both cases i am successfully encrypt and decrypt.





Dudi, how to start winform application to encrypt file with your RSA?





Hello, the winform application is just a tester for string encryption,
it's not meant to encrypt files.
RSA encryption is limited and usually cannot used to encrypt files directly.
Common practice is to RSA encrypt regular (symmetric) 256bit key,
and encrypt the file with that key.





Thank you very much Dudi Bedner for this tutorial. Really it helps me a lot in order to implement RSA algorithm.





Throws that exception while decoding, using default data on the example binary.
Perhaps doesn't work the same for all locations.





I could address your question if you would be more specific.
for instance, I'm not sure what you mean by "default data".





Very, very easy 5. Thank you for sharing.






Sorry I'm new in encryption and security
I need to publish some data which is not so sensitive but should not be easily readable or copy paste by others. I must have to publish it in simple text/xml file publicly so everyone can easily access it.
I want only my application can decrypt/read this xml file.
But the problem is file size will be increased periodically may be in few years xml file size reached 100 or more MBs.
If this occurs, Can this method handle this?
Or do you have any other security suggestion for me? Kindly share.





If it's too late for you, maybe others will benefit from the answer:
RSA encryption can't handle more data the the key size (a few KB at most), without performing voodoo maneuvers of slicing the data.
The obvious solution is to encrypt the data using symmetric key algorithm like AES.
If asymmetric (two keys) algorithm is required, you can use the RSA asymmetric algorithm to encrypt the AES key.





I have the Private key (from 'pem' file) as string.
But the method which im using accepts the parameter as 'Private key'
getSignaute(java.security.PrivateKey pk, string inputxml)
how to convert string to private key (in C#.net)





The last update is using .net 4 BigInteger, I'm wondering if you found any bug in the previous own BigInteger implementation ?
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/+&WLEZGc`AFXc!L
%^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2
W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN%
R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaKiTV.C\y<pjxsgb$f4ia>

128 bit encrypted signature, crack if you can





If you referring to Chew Keong TAN work C# BigInteger Class, it does have some bugs, you can review them in the article comments.
Anyway, you can add this class to the project instead of the new .NET class if you really want to.





Yes I tried to use that BigInteger class with your new extensions version but decoding was not correct.
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/+&WLEZGc`AFXc!L
%^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2
W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN%
R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaKiTV.C\y<pjxsgb$f4ia>

128 bit encrypted signature, crack if you can





Any particular reason you want to use this custom BigInteger class?





No reason, just want to use this encryption in framework 2.0
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/+&WLEZGc`AFXc!L
%^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2
W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN%
R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaKiTV.C\y<pjxsgb$f4ia>

128 bit encrypted signature, crack if you can







1. PrivateEncryption:
say rsaParams.Modulus = 256, there is a chance encData.ToByteArray().Length is 257 (due to most significant zero byte)
this results in encrypted data length that is not dividable by 8.
2. PublicDecryption:
BigInteger numEncData = new BigInteger(cipherData);
does not take into account most significant bit and may generate negative BigNumber resulting in incorrect result size. (cipherData needs to be padded with 0x00)
Rather than blaming error on your implementation this concludes that working with BigInteger is a headache and .NET should have rather made both SignedBigInteger and UnsignedBigInteger to ease the pain.





I've come across this problem, 256 or 257 bytes are returned.
Have you been able to find a solution?





can you explain the scenario 2:
"The reverse is also true: if Alice would encrypt the message using her own Private Key, Bob (and Eve, and everyone who can access this "encrypted" message) can decrypt it using Alice's Public Key. So, if everybody can decrypt it, what's the point in encrypting the message with a Private Key in the first place? Well, there is a point if Bob wants to make sure that the message has been written by Alice and not by someone else (Eve?)."
I am little bit confused with the "Alice own private key" here, are we talking about two pairs of keys(pub/pri) with private keys holding on receivers and public keys were given out to senders? I hope you can explain more in details.
My understanding, not sure it is correct, is that Bob holds 1 pair of key (public/private), he gave Alice Public key to encrypt the message, right now he wants to verify if the decrypted message came from Alice, he uses his original private key to sign(encrypt) the message, Alice can decrypt with PUBLIC key given by Bob, but anyone who has public key can decrypt it, what's the added value here.
Please forgive my verbose question, I would appreciate if it can be explained in the user case example for scenario 2 context.
Thanks in advance
adam





Quote: are we talking about two pairs of keys(pub/pri) with private keys holding on receivers and public keys were given out to senders?
No. the private key is hold by one person (Alice in our scenario 2), and the matched public key in open to the world (Bob included)...
When Alice encrypts the message with her own private key (the message itself is not a secret, anybody can decrypt it using Alice public key),
Bob can verify that the message was (written and) encrypted by Alice and not by an impostor.





Does not distinguish or explain difference between signing or encryption (well), does not perform correct padding. Modular exponentiation is not encryption per se, or signature generation for that matter.





Quote: Does not distinguish or explain difference between signing or encryption
Well, the majority of the other voters will beg the differ.
Quote: does not perform correct padding.
It might be different, notsosophisticated way for padding.
But it's simple, it's working and it's certainly not "Incorrect".
Quote: Modular exponentiation is not encryption per se
Actually, Modular Exponentiation is the widest implementation to RSA encryption
For further discussion I will have to see some code / unit tests breaking the implemented ("incorrect") padding or private encryption, good luck!





Sorry to bring this to you, but unless you publish a paper describing the security of your scheme, this is just a bunch of code. Using the private key for encryption instead of signing breaks the security of RSA. You should not even claim this to be RSA.
Besides, if it is anything, this code is a signature scheme with message recovery, not a method of encryption.
modified 20Dec14 16:29pm.





Member 8948821 wrote: Using the private key for encryption instead of signing breaks the security of RSA.
Please explain how ?
TVMU^P[[IGIOQHG^JSH`A#@`RFJ\c^JPL>;"[,*/+&WLEZGc`AFXc!L
%^]*IRXD#@GKCQ`R\^SF_WcHbORY87֦ʻ6ϣN8ȤBcRAV\Z^&SU~%CSWQ@#2
W_AD`EPABIKRDFVS)EVLQK)JKQUFK[M`UKs*$GwU#QDXBER@CBN%
R0~53%eYrd8mt^7Z6]iTF+(EWfJ9zaKiTV.C\y<pjxsgb$f4ia>

128 bit encrypted signature, crack if you can





Hi Dudi. Thanks for the great article. It doesn't seem to be possible to add a .net 4 assembly to SQL Server 2008. Your old code should work though. Do you still have that available? Take care, Hennie.





Hi Dudi Bedner!
I found some cases that the code failed with specific keypair/plaintext.
I used this private key:
"<RSAKeyValue><Modulus>2KNBWU7v7JTt3qQxSh8hh6gKwIbCp2DYp5SZB7lQuzZukSDzYoy0eBDdmjFGX/sN2KIloVDMLneo8Lg+0YRRc11usV+qMWtFCRIHzxeA6n+gadVsgCqblCoiKYy8aN3eodcrUIJXCG6jNnBBQxc6aGUIBOYBrTfUjZ1TsH/FhRk=</Modulus><Exponent>AQAB</Exponent><P>69px/444P+cIaKuqljaPxrRL/hvxXpx8wni4SpriLPLrhM9UZISc3fk8U8Vo6+63V0wJquTaP7RaaSm3VOCL3w==</P><Q>6yScSEG2YwSIVlzy5FBLFBBEXQpCZQOjSjenjvu4PP3950ikU4WqBj9zjnAYwgHahHev6x4LWCRcTCteoXSOBw==</Q><DP>LBw5z+LocEMkVncsu1VPBIm54LeXJ+u6haCQTxuyi1ePZtJj5TzMHdO8TaqRGfcWgRQuhrCwhNOVSS/NIumwHw==</DP><DQ>ZL7v0qmM6kmz3ETAsH+SW0tI7xAJOFxhptfHi6Rf4In2MhTWiw52tWyUJw/yG5VNuXnKPpNFywLxJJVkWwqkGw==</DQ><InverseQ>Q7uyU8ELBhPc41+JFH9QYTiApyeJwpsZM5mUJd2nYdvZ9D9c8eFWF1NJJJrXM8CNUT9ayXnrfesQDGIlqRvJwA==</InverseQ><D>dxH8GA839cvBli6e3MORlVM6Xal0EbU8P5eAKOulQNDhIql+vHrjsl5qvpY4vQZrDNfKYQjcwOmKFIzgEh5s+T3P3E9+6lfePTE5DFbgZnrRT45SVyn/KUoJwbfSns+/KC7KGeWaHIJsnHo0YeDx8ZXO0KouOiBnti4bFWtXO8U=</D></RSAKeyValue>"
...to encrypt the plaintext:
34B273C6
Then I decrypted the cipher using the public key but the result was not match the plaintext.
You can see more in the attached file.
Soucre code: Download
modified 26Feb14 6:29am.





Hi,
I test your code, you have to replace
CreateAndCheckLicense(HexStringToByteArray("34B273C6"));
with
CreateAndCheckLicense(Convert.FromBase64String("34B273C6"));
and
string result = string.Format("Serial Number {0} ==> OK!", ByteArrayToHexString(serialNumber));
with
string result = string.Format("Serial Number {0} ==> OK!", Convert.ToBase64String(serialNumber));
I hope this help you






Oh, the more I read, the more I start to believe that your code is what I am looking for...
But why doesn't this work on RSACryptoServiceProvider ???
By the way, I think that it is better if the Random inside your AddPadding() goes to class scope and becomes static.
If Random uses the time of the clock to get initialized you might get the same padding bytes many times (I think).
EDIT :
Yep, here you go (http://msdn.microsoft.com/enus/library/System.Random.aspx[^]):
The random number generation starts from a seed value. If the same seed is used repeatedly, the same series of numbers is generated. One way to produce different sequences is to make the seed value timedependent, thereby producing a different series with each new instance of Random. By default, the parameterless constructor of the Random class uses the system clock to generate its seed value, while its parameterized constructor can take an Int32 value based on the number of ticks in the current time. However, because the clock has finite resolution, using the parameterless constructor to create different Random objects in close succession creates random number generators that produce identical sequences of random numbers. The following example illustrates that two Random objects that are instantiated in close succession generate an identical series of random numbers.
Kostas
modified 4Aug13 5:38am.





Hi!
In your old version from 2009 I was able to encrypt usign the public key and decrypt using the private key.
The new version lacks those methods.
For a true twoway crypto I will need those two.
I tried implementing them but I get garbage when decrypting. What am I missing?
Public ENCRYPT:
BigInteger numData = GetBig( AddPadding( data ) );
RSAParameters rsaParams = rsa.ExportParameters( false );
//BigInteger D = GetBig( rsaParams.D ); //only for private key
BigInteger Exponent = GetBig( rsaParams.Exponent );
BigInteger Modulus = GetBig( rsaParams.Modulus );
BigInteger encData = BigInteger.ModPow( numData, Exponent, Modulus );
Private DECRYPT:
BigInteger numEncData = new BigInteger( cipherData );
RSAParameters rsaParams = rsa.ExportParameters( true );
BigInteger D = GetBig( rsaParams.D );
//BigInteger Exponent = GetBig( rsaParams.Exponent );
BigInteger Modulus = GetBig( rsaParams.Modulus );
BigInteger decData = BigInteger.ModPow( numEncData, D, Modulus );
byte[] data = decData.ToByteArray();
byte[] result = new byte[ data.Length  1 ];
Array.Copy( data, result, result.Length );
result = RemovePadding( result );
Array.Reverse( result );
return result;
Can you help? I would appreciate it very much!





Any reason not to use the the builtin RSACryptoServiceProvider methods
for public encryption and private decryption?
var rsa = new RSACryptoServiceProvider();
byte[] secretData = new byte[] { };
byte[] encrypted = rsa.Encrypt(secretData, true);
byte[] decrypted = rsa.Decrypt(encrypted, true);






Thank you for this piece of code and the sample. I am very new to encryption/certificates and I have to encrypt/decrypt creditcard data store within a SQLServer DB.
Is it possible to load the key pairs from a certificate store (X509) ? ...and if so, can you give me some advice for how to do it ?
Thanks in advance.
cu., drice aka. A. Thiede






Is this solution compatible with the PHP functions openssl_private_encrypt and openssl_private_decrypt?





No because it it broken. Nobody in their right mind encrypts with the private key.





Encoding.UTF8.GetBytes() Encoding.UTF8.GetString() method not worked properly.
error message "The data to be decrypted exceeds the maximum for this modulus of 128 bytes."





Encoding.UTF8.GetBytes("your string to encrypt").Length
Should not exceed the length of the key,
create a RSACryptoServiceProvider object with a larger key if it does.
If this doesn't help, post the full stack trace and the string parameter.
Regards,
Dudi.






Nice program...I do BIOS work and would like to add RSA2048 support to help verify some BIOS related security data I have. I don't have a lot of experience with .net for c#, but I rebuilt the project with a larger big interger size, and I can indeed load RSA2048 keys and get a Private ey encryption answer now...
But...the Public Key exponent still shows the value 0x101, and not the value in the source xml key file which is 0x10001, so I suspect that the result might not be correct...and also...that there might be additional changes needed to fully support RSA 2048 encryption/decryption.
Can anyone help me with this???
Thaanks a bunch....





Update: After changing this line below to read...
private const int maxLength = 200;
...to accomodate larger BigIntegers, and then rebuilding...even though the Public Key exponent displays wrong (as 0x101 instead of 0x10001), the RSA=2048 Public Key decryption works fine...so far the results match those of the library I'm comparing against(!!!)
Thanks again for the great work.....





i Have this code how can i decode it?
êêrmTp–؛î{Vژٹغ.1w»·£lعهةہR}‹gے8[‰¶ُkçًےAiaE*n–ًع¥خَï !ھm¯†إنـrè¬cqْ2r—ة>‰…qB[1:”qü”
ةpؤچ¸N/تl@®k(éجuَbL“ù†
Thanks in advance





the decrypted string shown is not the same as original. weird symbols are shown in the decrypted message.Kindly provide a solution for the same.







"We've demonstrated that a faultbased attack on the RSA algorithm is possible,"
said Professor Todd Austin said. "Hopefully, this will cause manufacturers to make a few
small changes to their implementation of the algorithm. RSA is a good algorithm and I think,
ultimately, it will survive this type of attack.
End quote
Anyway, I'm not sure whether that article is relevant to this one...
modified 8Feb12 13:11pm.





Hi
This is a good project  giving lots of insights.
My two issues:
1. Is it possible to system.numeric.biginteger ?
2. should some random padding be given even to string messages ?
is it done in case rsacryptoserviceprovider ?
Thanks
Abhishek





Interesting points!
I might rewrite the entire class using the new
"System.Numerics.BigInteger" .NET 4 struct (Thanks!),
and all the corrections needed as mentioned at the previous posts.
stay tuned..!







General News Suggestion Question Bug Answer Joke Praise Rant Admin Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

